Digital Britain report promises a national Cyber Security Strategy

The “Digital Britain” report, published today has an excellent section on “Digital Security and Safety”. The report makes it clear that there will definitely be a national Cyber Security Strategy, something I have been calling for for some time, when it says:

“The UK’s National Security Strategy describes how ‘cyber security’ cuts across almost all the national security challenges that it identifies, and the need to address them in a coherent way. To this end, the Government is developing a Cyber Security Strategy to build a safe, secure and resilient cyber space for the UK, through both the beneficial exploitation of cyber space and the reduction of risks posed by those who seek to do the UK harm: the forthcoming Cyber Security Strategy will set out how the Government intends to approach this task.”

This is an extremely welcome development. When Lord Stephen Carter made his statement introducing the report in the House of Lords this afternoon, I asked him when the Strategy might be issued and he said he hoped it would be ready by the end of July.

[…] to the Independent this morning, the announcement of the new Cyber Security Strategy that was promised last week and that I have been calling for over the weeks (years?) will take place tomorrow. […]

I’m a data and information security specialist – In the DBR there are the usual public sector overarching umbrella statements with no real detail on how it will be delivered. The flowery language of the DBR consists mainly of “Social inclusion”. Pardon whilst I roll my eys around. The network is expanding, more processor power is available to botnets and organised crime, the next generation of accessibility is spoken about with no counter to the next generation threats. We humans currently are using 20th Century technology and strategies whilst crime innovates the 21st century threats. Public and private keys are weakening – enterprise class firewalls are falling over to brute force attack – username and password fields throw complexity at the user and ease back at the criminal. Do they really know what “exactly – precisely” they are fighting against? and how “exactly – precisely” are they going to come up with the correct strategy? and when “exactly – precisely” are they going to deliver it? ….all of this of course, interestingly, is missing in Stephen Carter’s report.